[Git][security-tracker-team/security-tracker][master] CVE-2017-1210{8,9} were addressed in 1.0.0-2 upload
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 25 12:37:24 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
58fb5814 by Salvatore Bonaccorso at 2018-04-25T13:35:37+02:00
CVE-2017-1210{8,9} were addressed in 1.0.0-2 upload
Note for reviewers, double-check, but the patched code is at
@@ -995,12 +1127,20 @@ void xls_preparseWorkSheet(xlsWorkSheet*
/* If the ROW record is incorrect or missing, infer the information from
* cell data. */
case XLS_RECORD_MULRK:
+ if (tmp.size < sizeof(MULRK)) {
+ retval = LIBXLS_ERROR_PARSE;
+ goto cleanup;
+ }
if (pWS->rows.lastcol<xlsShortVal(((MULRK*)buf)->col) + (tmp.size - 6)/6 - 1)
pWS->rows.lastcol=xlsShortVal(((MULRK*)buf)->col) + (tmp.size - 6)/6 - 1;
if (pWS->rows.lastrow<xlsShortVal(((MULRK*)buf)->row))
pWS->rows.lastrow=xlsShortVal(((MULRK*)buf)->row);
break;
case XLS_RECORD_MULBLANK:
+ if (tmp.size < sizeof(MULBLANK)) {
+ retval = LIBXLS_ERROR_PARSE;
+ goto cleanup;
+ }
if (pWS->rows.lastcol<xlsShortVal(((MULBLANK*)buf)->col) + (tmp.size - 6)/2 - 1)
pWS->rows.lastcol=xlsShortVal(((MULBLANK*)buf)->col) + (tmp.size - 6)/2 - 1;
if (pWS->rows.lastrow<xlsShortVal(((MULBLANK*)buf)->row))
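Review bot: the two new `tmp.size < sizeof(...)` guards only keep the `tmp.size - 6` in `(tmp.size - 6)/6 - 1` and `(tmp.size - 6)/2 - 1` from wrapping if `sizeof(MULRK)` and `sizeof(MULBLANK)` are each at least 6 and `tmp.size` is unsigned, neither of which this hunk shows; confirm both against the struct definitions, because that subtraction is what the check is there to protect. The quoted hunk is also truncated: the header promises 20 new-side lines, but the text ends mid-case at `if (pWS->rows.lastrow<xlsShortVal(((MULBLANK*)buf)->row))` without its assignment line, so reviewers cannot see whether the MULBLANK case is complete from this message alone.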
- - - - -
2 changed files:
- data/CVE/list
- data/DSA/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -43383,13 +43383,11 @@ CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...)
- r-cran-readxl 1.0.0-2 (bug #895564)
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the ...)
- - r-cran-readxl <undetermined>
+ - r-cran-readxl 1.0.0-2
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461
- TODO: check, possibly fixed with DSA-4173-1 update
CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the ...)
- - r-cran-readxl <undetermined>
+ - r-cran-readxl 1.0.0-2
NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460
- TODO: check, possibly fixed with DSA-4173-1 update
CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ...)
NOT-FOR-US: Computerinsel Photoline
CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...)
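Review bot: the new `- r-cran-readxl 1.0.0-2` lines for CVE-2017-12108 and CVE-2017-12109 omit the `(bug #895564)` reference that the neighbouring CVE-2017-12110 entry carries; if that bug also tracks these two issues, add it so the three entries stay consistent, otherwise the omission should be deliberate. Dropping the two `TODO: check, possibly fixed with DSA-4173-1 update` lines is only correct together with a DSA-list change that records these CVEs under DSA-4173-1, so both files need to land in the same commit.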
=====================================
data/DSA/list
=====================================
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -19,7 +19,7 @@
{CVE-2018-1084}
[stretch] - corosync 2.4.2-3+deb9u1
[16 Apr 2018] DSA-4173-1 r-cran-readxl - security update
- {CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12110 CVE-2017-12111}
+ {CVE-2017-2896 CVE-2017-2897 CVE-2017-2919 CVE-2017-12108 CVE-2017-12109 CVE-2017-12110 CVE-2017-12111}
[stretch] - r-cran-readxl 0.1.1-1+deb9u1
[14 Apr 2018] DSA-4172-1 perl - security update
{CVE-2018-6913}
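Review bot: adding CVE-2017-12108 and CVE-2017-12109 to the DSA-4173-1 line asserts that the stretch upload `0.1.1-1+deb9u1`, whose version line is unchanged here, already contained the MULRK/MULBLANK size checks quoted in the commit message; since the message itself asks reviewers to double-check, the `0.1.1-1+deb9u1` changelog or the applied patches should be confirmed to cover TALOS-2017-0460 and TALOS-2017-0461 before this is relied on.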
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/58fb58149b1659b33d6f72582db0ec0bf7989f87